2 c68baad2 2023-06-06 op * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
4 c68baad2 2023-06-06 op * Permission to use, copy, modify, and distribute this software for any
5 c68baad2 2023-06-06 op * purpose with or without fee is hereby granted, provided that the above
6 c68baad2 2023-06-06 op * copyright notice and this permission notice appear in all copies.
8 c68baad2 2023-06-06 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 c68baad2 2023-06-06 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 c68baad2 2023-06-06 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 c68baad2 2023-06-06 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 c68baad2 2023-06-06 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 c68baad2 2023-06-06 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 c68baad2 2023-06-06 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 c68baad2 2023-06-06 op #include "gmid.h"
19 c26f2460 2023-06-08 op #include <sys/stat.h>
21 c26f2460 2023-06-08 op #include <fcntl.h>
22 c26f2460 2023-06-08 op #include <limits.h>
23 c68baad2 2023-06-06 op #include <string.h>
25 86693a33 2023-06-11 op #include <openssl/pem.h>
27 c26f2460 2023-06-08 op #include "log.h"
28 c26f2460 2023-06-08 op #include "proc.h"
31 af1dab18 2023-06-09 op config_new(void)
33 af1dab18 2023-06-09 op struct conf *conf;
35 af1dab18 2023-06-09 op conf = xcalloc(1, sizeof(*conf));
37 af1dab18 2023-06-09 op TAILQ_INIT(&conf->fcgi);
38 af1dab18 2023-06-09 op TAILQ_INIT(&conf->hosts);
39 86693a33 2023-06-11 op TAILQ_INIT(&conf->pkis);
41 af1dab18 2023-06-09 op conf->port = 1965;
42 af1dab18 2023-06-09 op conf->ipv6 = 0;
43 af1dab18 2023-06-09 op conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
45 af1dab18 2023-06-09 op init_mime(&conf->mime);
47 af1dab18 2023-06-09 op conf->prefork = 3;
49 ba290ef3 2023-06-11 op #ifdef __OpenBSD__
50 ba290ef3 2023-06-11 op conf->use_privsep_crypto = 1;
53 af1dab18 2023-06-09 op conf->sock4 = -1;
54 af1dab18 2023-06-09 op conf->sock6 = -1;
60 af1dab18 2023-06-09 op config_purge(struct conf *conf)
62 c26f2460 2023-06-08 op struct privsep *ps;
63 5d22294a 2023-06-09 op struct fcgi *f, *tf;
64 c68baad2 2023-06-06 op struct vhost *h, *th;
65 c68baad2 2023-06-06 op struct location *l, *tl;
66 c68baad2 2023-06-06 op struct proxy *p, *tp;
67 c68baad2 2023-06-06 op struct envlist *e, *te;
68 c68baad2 2023-06-06 op struct alist *a, *ta;
69 86693a33 2023-06-11 op struct pki *pki, *tpki;
70 ba290ef3 2023-06-11 op int use_privsep_crypto;
72 af1dab18 2023-06-09 op ps = conf->ps;
73 ba290ef3 2023-06-11 op use_privsep_crypto = conf->use_privsep_crypto;
75 af1dab18 2023-06-09 op if (conf->sock4 != -1) {
76 af1dab18 2023-06-09 op event_del(&conf->evsock4);
77 af1dab18 2023-06-09 op close(conf->sock4);
80 af1dab18 2023-06-09 op if (conf->sock6 != -1) {
81 af1dab18 2023-06-09 op event_del(&conf->evsock6);
82 af1dab18 2023-06-09 op close(conf->sock6);
85 af1dab18 2023-06-09 op free_mime(&conf->mime);
86 af1dab18 2023-06-09 op TAILQ_FOREACH_SAFE(f, &conf->fcgi, fcgi, tf) {
87 af1dab18 2023-06-09 op TAILQ_REMOVE(&conf->fcgi, f, fcgi);
91 af1dab18 2023-06-09 op TAILQ_FOREACH_SAFE(h, &conf->hosts, vhosts, th) {
92 1c6967b3 2023-06-08 op free(h->cert_path);
93 1c6967b3 2023-06-08 op free(h->key_path);
94 1c6967b3 2023-06-08 op free(h->ocsp_path);
95 c26f2460 2023-06-08 op free(h->cert);
97 c26f2460 2023-06-08 op free(h->ocsp);
99 c68baad2 2023-06-06 op TAILQ_FOREACH_SAFE(l, &h->locations, locations, tl) {
100 c68baad2 2023-06-06 op TAILQ_REMOVE(&h->locations, l, locations);
102 c68baad2 2023-06-06 op if (l->dirfd != -1)
103 c68baad2 2023-06-06 op close(l->dirfd);
105 deadd9e1 2023-06-09 op free(l->reqca_path);
106 deadd9e1 2023-06-09 op X509_STORE_free(l->reqca);
110 c68baad2 2023-06-06 op TAILQ_FOREACH_SAFE(e, &h->params, envs, te) {
111 c68baad2 2023-06-06 op TAILQ_REMOVE(&h->params, e, envs);
115 c68baad2 2023-06-06 op TAILQ_FOREACH_SAFE(a, &h->aliases, aliases, ta) {
116 c68baad2 2023-06-06 op TAILQ_REMOVE(&h->aliases, a, aliases);
120 c68baad2 2023-06-06 op TAILQ_FOREACH_SAFE(p, &h->proxies, proxies, tp) {
121 c68baad2 2023-06-06 op TAILQ_REMOVE(&h->proxies, p, proxies);
122 deadd9e1 2023-06-09 op free(p->cert_path);
123 deadd9e1 2023-06-09 op free(p->cert);
124 deadd9e1 2023-06-09 op free(p->key_path);
125 deadd9e1 2023-06-09 op free(p->key);
126 deadd9e1 2023-06-09 op free(p->reqca_path);
127 deadd9e1 2023-06-09 op X509_STORE_free(p->reqca);
131 af1dab18 2023-06-09 op TAILQ_REMOVE(&conf->hosts, h, vhosts);
135 86693a33 2023-06-11 op TAILQ_FOREACH_SAFE(pki, &conf->pkis, pkis, tpki) {
136 86693a33 2023-06-11 op TAILQ_REMOVE(&conf->pkis, pki, pkis);
137 86693a33 2023-06-11 op free(pki->hash);
138 86693a33 2023-06-11 op EVP_PKEY_free(pki->pkey);
142 af1dab18 2023-06-09 op memset(conf, 0, sizeof(*conf));
144 af1dab18 2023-06-09 op conf->ps = ps;
145 ba290ef3 2023-06-11 op conf->use_privsep_crypto = use_privsep_crypto;
146 af1dab18 2023-06-09 op conf->sock4 = conf->sock6 = -1;
147 af1dab18 2023-06-09 op conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
148 af1dab18 2023-06-09 op init_mime(&conf->mime);
149 af1dab18 2023-06-09 op TAILQ_INIT(&conf->fcgi);
150 af1dab18 2023-06-09 op TAILQ_INIT(&conf->hosts);
151 86693a33 2023-06-11 op TAILQ_INIT(&conf->pkis);
155 2e880a57 2023-06-10 op config_send_file(struct privsep *ps, enum privsep_procid id, int type,
156 2e880a57 2023-06-10 op int fd, void *data, size_t l)
161 c26f2460 2023-06-08 op proc_range(ps, id, &n, &m);
162 c26f2460 2023-06-08 op for (n = 0; n < m; ++n) {
164 deadd9e1 2023-06-09 op if (fd != -1 && (d = dup(fd)) == -1)
165 deadd9e1 2023-06-09 op fatal("dup %d", fd);
166 deadd9e1 2023-06-09 op if (proc_compose_imsg(ps, id, n, type, -1, d, data, l)
171 deadd9e1 2023-06-09 op if (fd != -1)
177 2e880a57 2023-06-10 op config_open_send(struct privsep *ps, enum privsep_procid id, int type,
178 2e880a57 2023-06-10 op const char *path)
182 deadd9e1 2023-06-09 op log_debug("sending %s", path);
184 deadd9e1 2023-06-09 op if ((fd = open(path, O_RDONLY)) == -1)
185 deadd9e1 2023-06-09 op fatal("can't open %s", path);
187 2e880a57 2023-06-10 op return config_send_file(ps, id, type, fd, NULL, 0);
191 86693a33 2023-06-11 op config_send_kp(struct privsep *ps, int cert_type, int key_type,
192 86693a33 2023-06-11 op const char *cert, const char *key)
194 ba290ef3 2023-06-11 op struct conf *conf = ps->ps_env;
195 ba290ef3 2023-06-11 op int fd, d, key_target;
197 86693a33 2023-06-11 op log_debug("sending %s", cert);
198 86693a33 2023-06-11 op if ((fd = open(cert, O_RDONLY)) == -1)
199 86693a33 2023-06-11 op fatal("can't open %s", cert);
200 86693a33 2023-06-11 op if ((d = dup(fd)) == -1)
203 86693a33 2023-06-11 op if (config_send_file(ps, PROC_SERVER, cert_type, fd, NULL, 0) == -1) {
207 ba290ef3 2023-06-11 op if (conf->use_privsep_crypto &&
208 ba290ef3 2023-06-11 op config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
211 ba290ef3 2023-06-11 op key_target = PROC_CRYPTO;
212 ba290ef3 2023-06-11 op if (!conf->use_privsep_crypto)
213 ba290ef3 2023-06-11 op key_target = PROC_SERVER;
215 89cfcb45 2023-06-12 op if (config_open_send(ps, key_target, key_type, key) == -1)
218 86693a33 2023-06-11 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
220 86693a33 2023-06-11 op if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
226 4f4937f0 2023-06-08 op make_socket(int port, int family)
229 4f4937f0 2023-06-08 op struct sockaddr_in addr4;
230 4f4937f0 2023-06-08 op struct sockaddr_in6 addr6;
231 4f4937f0 2023-06-08 op struct sockaddr *addr;
232 4f4937f0 2023-06-08 op socklen_t len;
234 4f4937f0 2023-06-08 op switch (family) {
235 4f4937f0 2023-06-08 op case AF_INET:
236 4f4937f0 2023-06-08 op memset(&addr4, 0, sizeof(addr4));
237 4f4937f0 2023-06-08 op addr4.sin_family = family;
238 4f4937f0 2023-06-08 op addr4.sin_port = htons(port);
239 4f4937f0 2023-06-08 op addr4.sin_addr.s_addr = INADDR_ANY;
240 4f4937f0 2023-06-08 op addr = (struct sockaddr*)&addr4;
241 4f4937f0 2023-06-08 op len = sizeof(addr4);
244 4f4937f0 2023-06-08 op case AF_INET6:
245 4f4937f0 2023-06-08 op memset(&addr6, 0, sizeof(addr6));
246 4f4937f0 2023-06-08 op addr6.sin6_family = AF_INET6;
247 4f4937f0 2023-06-08 op addr6.sin6_port = htons(port);
248 4f4937f0 2023-06-08 op addr6.sin6_addr = in6addr_any;
249 4f4937f0 2023-06-08 op addr = (struct sockaddr*)&addr6;
250 4f4937f0 2023-06-08 op len = sizeof(addr6);
254 4f4937f0 2023-06-08 op /* unreachable */
258 4f4937f0 2023-06-08 op if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
259 4f4937f0 2023-06-08 op fatal("socket");
262 4f4937f0 2023-06-08 op if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
263 4f4937f0 2023-06-08 op fatal("setsockopt(SO_REUSEADDR)");
266 4f4937f0 2023-06-08 op if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
267 4f4937f0 2023-06-08 op fatal("setsockopt(SO_REUSEPORT)");
269 4f4937f0 2023-06-08 op mark_nonblock(sock);
271 4f4937f0 2023-06-08 op if (bind(sock, addr, len) == -1)
272 4f4937f0 2023-06-08 op fatal("bind");
274 4f4937f0 2023-06-08 op if (listen(sock, 16) == -1)
275 4f4937f0 2023-06-08 op fatal("listen");
281 c26f2460 2023-06-08 op config_send_socks(struct conf *conf)
283 c26f2460 2023-06-08 op struct privsep *ps = conf->ps;
286 c26f2460 2023-06-08 op if ((sock = make_socket(conf->port, AF_INET)) == -1)
289 2e880a57 2023-06-10 op if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_SOCK4, sock,
290 2e880a57 2023-06-10 op NULL, 0) == -1)
293 c26f2460 2023-06-08 op if (!conf->ipv6)
296 c26f2460 2023-06-08 op if ((sock = make_socket(conf->port, AF_INET6)) == -1)
299 2e880a57 2023-06-10 op if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_SOCK6, sock,
300 2e880a57 2023-06-10 op NULL, 0) == -1)
307 e45334e6 2023-06-09 op config_send(struct conf *conf)
309 c26f2460 2023-06-08 op struct privsep *ps = conf->ps;
310 c26f2460 2023-06-08 op struct etm *m;
311 5d22294a 2023-06-09 op struct fcgi *fcgi;
312 c26f2460 2023-06-08 op struct vhost *h;
313 c26f2460 2023-06-08 op struct location *l;
314 c26f2460 2023-06-08 op struct proxy *p;
315 c26f2460 2023-06-08 op struct envlist *e;
316 c26f2460 2023-06-08 op struct alist *a;
319 c26f2460 2023-06-08 op for (i = 0; i < conf->mime.len; ++i) {
320 c26f2460 2023-06-08 op m = &conf->mime.t[i];
321 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
322 c26f2460 2023-06-08 op m, sizeof(*m)) == -1)
326 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
327 c26f2460 2023-06-08 op &conf->protos, sizeof(conf->protos)) == -1)
330 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PORT,
331 c26f2460 2023-06-08 op &conf->port, sizeof(conf->port)) == -1)
334 c26f2460 2023-06-08 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
337 c26f2460 2023-06-08 op if (config_send_socks(conf) == -1)
340 c26f2460 2023-06-08 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
343 5d22294a 2023-06-09 op TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
344 5d22294a 2023-06-09 op log_debug("sending fastcgi %s", fcgi->path);
345 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
346 5d22294a 2023-06-09 op fcgi, sizeof(*fcgi)) == -1)
350 e45334e6 2023-06-09 op TAILQ_FOREACH(h, &conf->hosts, vhosts) {
351 1c6967b3 2023-06-08 op struct vhost vcopy;
353 1c6967b3 2023-06-08 op memcpy(&vcopy, h, sizeof(vcopy));
354 1c6967b3 2023-06-08 op vcopy.cert_path = NULL;
355 1c6967b3 2023-06-08 op vcopy.key_path = NULL;
356 1c6967b3 2023-06-08 op vcopy.ocsp_path = NULL;
358 c26f2460 2023-06-08 op log_debug("sending host %s", h->domain);
360 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
361 1c6967b3 2023-06-08 op &vcopy, sizeof(vcopy)) == -1)
364 86693a33 2023-06-11 op if (config_send_kp(ps, IMSG_RECONF_CERT, IMSG_RECONF_KEY,
365 86693a33 2023-06-11 op h->cert_path, h->key_path) == -1)
368 1c6967b3 2023-06-08 op if (h->ocsp_path != NULL) {
369 15e60fdf 2023-06-11 op if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP,
370 15e60fdf 2023-06-11 op h->ocsp_path) == -1)
372 15e60fdf 2023-06-11 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
376 c26f2460 2023-06-08 op TAILQ_FOREACH(l, &h->locations, locations) {
377 deadd9e1 2023-06-09 op struct location lcopy;
380 deadd9e1 2023-06-09 op memcpy(&lcopy, l, sizeof(lcopy));
381 deadd9e1 2023-06-09 op lcopy.reqca_path = NULL;
382 deadd9e1 2023-06-09 op lcopy.reqca = NULL;
383 deadd9e1 2023-06-09 op lcopy.dirfd = -1;
384 deadd9e1 2023-06-09 op memset(&lcopy.locations, 0, sizeof(lcopy.locations));
386 deadd9e1 2023-06-09 op if (l->reqca_path != NULL &&
387 deadd9e1 2023-06-09 op (fd = open(l->reqca_path, O_RDONLY)) == -1)
388 deadd9e1 2023-06-09 op fatal("can't open %s", l->reqca_path);
390 2e880a57 2023-06-10 op if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_LOC,
391 2e880a57 2023-06-10 op fd, &lcopy, sizeof(lcopy)) == -1)
395 c26f2460 2023-06-08 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
398 c26f2460 2023-06-08 op TAILQ_FOREACH(e, &h->params, envs) {
399 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV,
400 c26f2460 2023-06-08 op e, sizeof(*e)) == -1)
404 c26f2460 2023-06-08 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
407 c26f2460 2023-06-08 op TAILQ_FOREACH(a, &h->aliases, aliases) {
408 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
409 c26f2460 2023-06-08 op a, sizeof(*a)) == -1)
413 c26f2460 2023-06-08 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
416 c26f2460 2023-06-08 op TAILQ_FOREACH(p, &h->proxies, proxies) {
417 deadd9e1 2023-06-09 op struct proxy pcopy;
420 deadd9e1 2023-06-09 op memcpy(&pcopy, p, sizeof(pcopy));
421 deadd9e1 2023-06-09 op pcopy.cert_path = NULL;
422 deadd9e1 2023-06-09 op pcopy.cert = NULL;
423 deadd9e1 2023-06-09 op pcopy.certlen = 0;
424 deadd9e1 2023-06-09 op pcopy.key_path = NULL;
425 deadd9e1 2023-06-09 op pcopy.key = NULL;
426 deadd9e1 2023-06-09 op pcopy.keylen = 0;
427 deadd9e1 2023-06-09 op pcopy.reqca_path = NULL;
428 deadd9e1 2023-06-09 op pcopy.reqca = NULL;
430 deadd9e1 2023-06-09 op if (p->reqca_path != NULL) {
431 deadd9e1 2023-06-09 op fd = open(p->reqca_path, O_RDONLY);
432 deadd9e1 2023-06-09 op if (fd == -1)
433 deadd9e1 2023-06-09 op fatal("can't open %s", p->reqca_path);
436 2e880a57 2023-06-10 op if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_PROXY,
437 2e880a57 2023-06-10 op fd, &pcopy, sizeof(pcopy)) == -1)
440 86693a33 2023-06-11 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
443 86693a33 2023-06-11 op if (p->cert_path == NULL || p->key_path == NULL)
446 86693a33 2023-06-11 op if (config_open_send(ps, PROC_SERVER,
447 86693a33 2023-06-11 op IMSG_RECONF_PROXY_CERT, p->cert_path) == -1 ||
448 2e880a57 2023-06-10 op config_open_send(ps, PROC_SERVER,
449 2e880a57 2023-06-10 op IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
452 deadd9e1 2023-06-09 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
456 c26f2460 2023-06-08 op if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
464 c26f2460 2023-06-08 op load_file(int fd, uint8_t **data, size_t *len)
466 c26f2460 2023-06-08 op struct stat sb;
469 c26f2460 2023-06-08 op if (fstat(fd, &sb) == -1)
470 c26f2460 2023-06-08 op fatal("fstat");
472 c26f2460 2023-06-08 op if (sb.st_size < 0 /* || sb.st_size > SIZE_MAX */) {
473 c26f2460 2023-06-08 op log_warnx("file too large");
477 c26f2460 2023-06-08 op *len = sb.st_size;
479 c26f2460 2023-06-08 op if ((*data = malloc(*len)) == NULL)
480 c26f2460 2023-06-08 op fatal("malloc");
482 4ad573d0 2023-06-11 op r = pread(fd, *data, *len, 0);
483 4ad573d0 2023-06-11 op if (r == -1 || (size_t)r != *len) {
484 4ad573d0 2023-06-11 op log_warn("read failed");
495 86693a33 2023-06-11 op config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
497 86693a33 2023-06-11 op static struct pki *pki;
501 86693a33 2023-06-11 op /* XXX: check for duplicates */
503 86693a33 2023-06-11 op if (imsg->fd == -1)
504 86693a33 2023-06-11 op fatalx("no fd for imsg %d", imsg->hdr.type);
506 86693a33 2023-06-11 op switch (imsg->hdr.type) {
507 86693a33 2023-06-11 op case IMSG_RECONF_CERT:
508 86693a33 2023-06-11 op if (pki != NULL)
509 86693a33 2023-06-11 op fatalx("imsg in wrong order; pki is not NULL");
510 86693a33 2023-06-11 op if ((pki = calloc(1, sizeof(*pki))) == NULL)
511 86693a33 2023-06-11 op fatal("calloc");
512 86693a33 2023-06-11 op if (load_file(imsg->fd, &d, &len) == -1)
513 86693a33 2023-06-11 op fatalx("can't load file");
514 86693a33 2023-06-11 op if ((pki->hash = ssl_pubkey_hash(d, len)) == NULL)
515 86693a33 2023-06-11 op fatalx("failed to compute cert hash");
517 86693a33 2023-06-11 op TAILQ_INSERT_TAIL(&conf->pkis, pki, pkis);
520 86693a33 2023-06-11 op case IMSG_RECONF_KEY:
521 86693a33 2023-06-11 op if (pki == NULL)
522 86693a33 2023-06-11 op fatalx("got key without cert beforehand %d",
523 86693a33 2023-06-11 op imsg->hdr.type);
524 86693a33 2023-06-11 op if (load_file(imsg->fd, &d, &len) == -1)
525 86693a33 2023-06-11 op fatalx("failed to load private key");
526 86693a33 2023-06-11 op if ((pki->pkey = ssl_load_pkey(d, len)) == NULL)
527 86693a33 2023-06-11 op fatalx("failed load private key");
540 c26f2460 2023-06-08 op config_recv(struct conf *conf, struct imsg *imsg)
542 c26f2460 2023-06-08 op static struct vhost *h;
543 deadd9e1 2023-06-09 op static struct proxy *p;
544 c26f2460 2023-06-08 op struct privsep *ps = conf->ps;
545 c26f2460 2023-06-08 op struct etm m;
546 5d22294a 2023-06-09 op struct fcgi *fcgi;
547 c26f2460 2023-06-08 op struct vhost *vh, vht;
548 c26f2460 2023-06-08 op struct location *loc;
549 c26f2460 2023-06-08 op struct envlist *env;
550 c26f2460 2023-06-08 op struct alist *alias;
551 c26f2460 2023-06-08 op struct proxy *proxy;
553 2cef5cf4 2023-06-12 op size_t len, datalen;
555 c26f2460 2023-06-08 op datalen = IMSG_DATA_SIZE(imsg);
557 c26f2460 2023-06-08 op switch (imsg->hdr.type) {
558 c26f2460 2023-06-08 op case IMSG_RECONF_START:
559 af1dab18 2023-06-09 op config_purge(conf);
564 c26f2460 2023-06-08 op case IMSG_RECONF_MIME:
565 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &m);
566 c26f2460 2023-06-08 op memcpy(&m, imsg->data, datalen);
567 c26f2460 2023-06-08 op if (m.mime[sizeof(m.mime) - 1] != '\0' ||
568 c26f2460 2023-06-08 op m.ext[sizeof(m.ext) - 1] != '\0')
569 c26f2460 2023-06-08 op fatal("received corrupted IMSG_RECONF_MIME");
570 c26f2460 2023-06-08 op if (add_mime(&conf->mime, m.mime, m.ext) == -1)
571 c26f2460 2023-06-08 op fatal("failed to add mime mapping %s -> %s",
572 c26f2460 2023-06-08 op m.mime, m.ext);
575 c26f2460 2023-06-08 op case IMSG_RECONF_PROTOS:
576 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &conf->protos);
577 c26f2460 2023-06-08 op memcpy(&conf->protos, imsg->data, datalen);
580 c26f2460 2023-06-08 op case IMSG_RECONF_PORT:
581 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &conf->port);
582 c26f2460 2023-06-08 op memcpy(&conf->port, imsg->data, datalen);
585 c26f2460 2023-06-08 op case IMSG_RECONF_SOCK4:
586 c26f2460 2023-06-08 op if (conf->sock4 != -1)
587 c26f2460 2023-06-08 op fatalx("socket ipv4 already recv'd");
588 c26f2460 2023-06-08 op if (imsg->fd == -1)
589 c26f2460 2023-06-08 op fatalx("missing socket for IMSG_RECONF_SOCK4");
590 c26f2460 2023-06-08 op conf->sock4 = imsg->fd;
591 c26f2460 2023-06-08 op event_set(&conf->evsock4, conf->sock4, EV_READ|EV_PERSIST,
592 af1dab18 2023-06-09 op do_accept, conf);
595 c26f2460 2023-06-08 op case IMSG_RECONF_SOCK6:
596 c26f2460 2023-06-08 op if (conf->sock6 != -1)
597 c26f2460 2023-06-08 op fatalx("socket ipv6 already recv'd");
598 c26f2460 2023-06-08 op if (imsg->fd == -1)
599 c26f2460 2023-06-08 op fatalx("missing socket for IMSG_RECONF_SOCK6");
600 c26f2460 2023-06-08 op conf->sock6 = imsg->fd;
601 c26f2460 2023-06-08 op event_set(&conf->evsock6, conf->sock6, EV_READ|EV_PERSIST,
602 af1dab18 2023-06-09 op do_accept, conf);
605 c26f2460 2023-06-08 op case IMSG_RECONF_FCGI:
606 5d22294a 2023-06-09 op IMSG_SIZE_CHECK(imsg, fcgi);
607 5d22294a 2023-06-09 op fcgi = xcalloc(1, sizeof(*fcgi));
608 5d22294a 2023-06-09 op memcpy(fcgi, imsg->data, datalen);
609 5d22294a 2023-06-09 op log_debug("received fcgi %s", fcgi->path);
610 5d22294a 2023-06-09 op TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
613 c26f2460 2023-06-08 op case IMSG_RECONF_HOST:
614 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &vht);
615 c26f2460 2023-06-08 op memcpy(&vht, imsg->data, datalen);
616 c26f2460 2023-06-08 op vh = new_vhost();
617 c26f2460 2023-06-08 op strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
619 e45334e6 2023-06-09 op TAILQ_INSERT_TAIL(&conf->hosts, h, vhosts);
621 deadd9e1 2023-06-09 op /* reset proxy */
625 c26f2460 2023-06-08 op case IMSG_RECONF_CERT:
626 c26f2460 2023-06-08 op log_debug("receiving cert");
627 86693a33 2023-06-11 op if (privsep_process == PROC_CRYPTO)
628 86693a33 2023-06-11 op return config_crypto_recv_kp(conf, imsg);
629 c26f2460 2023-06-08 op if (h == NULL)
630 c26f2460 2023-06-08 op fatalx("recv'd cert without host");
631 c26f2460 2023-06-08 op if (h->cert != NULL)
632 c26f2460 2023-06-08 op fatalx("cert already received");
633 c26f2460 2023-06-08 op if (imsg->fd == -1)
634 c26f2460 2023-06-08 op fatalx("no fd for IMSG_RECONF_CERT");
635 c26f2460 2023-06-08 op if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
636 c26f2460 2023-06-08 op fatalx("failed to load cert for %s",
640 c26f2460 2023-06-08 op case IMSG_RECONF_KEY:
641 c26f2460 2023-06-08 op log_debug("receiving key");
642 86693a33 2023-06-11 op if (privsep_process == PROC_CRYPTO)
643 86693a33 2023-06-11 op return config_crypto_recv_kp(conf, imsg);
644 c26f2460 2023-06-08 op if (h == NULL)
645 c26f2460 2023-06-08 op fatalx("recv'd key without host");
646 c26f2460 2023-06-08 op if (h->key != NULL)
647 c26f2460 2023-06-08 op fatalx("key already received");
648 c26f2460 2023-06-08 op if (imsg->fd == -1)
649 c26f2460 2023-06-08 op fatalx("no fd for IMSG_RECONF_KEY");
650 c26f2460 2023-06-08 op if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
651 c26f2460 2023-06-08 op fatalx("failed to load key for %s",
655 c26f2460 2023-06-08 op case IMSG_RECONF_OCSP:
656 c26f2460 2023-06-08 op log_debug("receiving ocsp");
657 c26f2460 2023-06-08 op if (h == NULL)
658 c26f2460 2023-06-08 op fatalx("recv'd ocsp without host");
659 c26f2460 2023-06-08 op if (h->ocsp != NULL)
660 c26f2460 2023-06-08 op fatalx("ocsp already received");
661 c26f2460 2023-06-08 op if (imsg->fd == -1)
662 c26f2460 2023-06-08 op fatalx("no fd for IMSG_RECONF_OCSP");
663 c26f2460 2023-06-08 op if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
664 c26f2460 2023-06-08 op fatalx("failed to load ocsp for %s",
668 c26f2460 2023-06-08 op case IMSG_RECONF_LOC:
669 c26f2460 2023-06-08 op if (h == NULL)
670 c26f2460 2023-06-08 op fatalx("recv'd location without host");
671 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, loc);
672 c26f2460 2023-06-08 op loc = xcalloc(1, sizeof(*loc));
673 c26f2460 2023-06-08 op memcpy(loc, imsg->data, datalen);
675 deadd9e1 2023-06-09 op if (imsg->fd != -1) {
676 2cef5cf4 2023-06-12 op if (load_file(imsg->fd, &d, &len) == -1)
677 2cef5cf4 2023-06-12 op fatal("load_file");
678 2cef5cf4 2023-06-12 op loc->reqca = load_ca(d, len);
679 deadd9e1 2023-06-09 op if (loc->reqca == NULL)
680 deadd9e1 2023-06-09 op fatalx("failed to load CA");
684 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->locations, loc, locations);
687 c26f2460 2023-06-08 op case IMSG_RECONF_ENV:
688 c26f2460 2023-06-08 op if (h == NULL)
689 c26f2460 2023-06-08 op fatalx("recv'd env without host");
690 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, env);
691 c26f2460 2023-06-08 op env = xcalloc(1, sizeof(*env));
692 c26f2460 2023-06-08 op memcpy(env, imsg->data, datalen);
693 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->params, env, envs);
696 c26f2460 2023-06-08 op case IMSG_RECONF_ALIAS:
697 c26f2460 2023-06-08 op if (h == NULL)
698 c26f2460 2023-06-08 op fatalx("recv'd alias without host");
699 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, alias);
700 c26f2460 2023-06-08 op alias = xcalloc(1, sizeof(*alias));
701 c26f2460 2023-06-08 op memcpy(alias, imsg->data, datalen);
702 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
705 c26f2460 2023-06-08 op case IMSG_RECONF_PROXY:
706 c26f2460 2023-06-08 op log_debug("receiving proxy");
707 c26f2460 2023-06-08 op if (h == NULL)
708 c26f2460 2023-06-08 op fatalx("recv'd proxy without host");
709 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, proxy);
710 c26f2460 2023-06-08 op proxy = xcalloc(1, sizeof(*proxy));
711 c26f2460 2023-06-08 op memcpy(proxy, imsg->data, datalen);
713 deadd9e1 2023-06-09 op if (imsg->fd != -1) {
714 2cef5cf4 2023-06-12 op if (load_file(imsg->fd, &d, &len) == -1)
715 2cef5cf4 2023-06-12 op fatal("load_file");
716 2cef5cf4 2023-06-12 op proxy->reqca = load_ca(d, len);
717 deadd9e1 2023-06-09 op if (proxy->reqca == NULL)
718 deadd9e1 2023-06-09 op fatal("failed to load CA");
722 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
726 deadd9e1 2023-06-09 op case IMSG_RECONF_PROXY_CERT:
727 deadd9e1 2023-06-09 op log_debug("receiving proxy cert");
728 deadd9e1 2023-06-09 op if (p == NULL)
729 deadd9e1 2023-06-09 op fatalx("recv'd proxy cert without proxy");
730 deadd9e1 2023-06-09 op if (p->cert != NULL)
731 deadd9e1 2023-06-09 op fatalx("proxy cert already received");
732 deadd9e1 2023-06-09 op if (imsg->fd == -1)
733 deadd9e1 2023-06-09 op fatalx("no fd for IMSG_RECONF_PROXY_CERT");
734 deadd9e1 2023-06-09 op if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
735 deadd9e1 2023-06-09 op fatalx("failed to load cert for proxy %s of %s",
736 deadd9e1 2023-06-09 op p->host, h->domain);
739 deadd9e1 2023-06-09 op case IMSG_RECONF_PROXY_KEY:
740 deadd9e1 2023-06-09 op log_debug("receiving proxy key");
741 deadd9e1 2023-06-09 op if (p == NULL)
742 deadd9e1 2023-06-09 op fatalx("recv'd proxy key without proxy");
743 deadd9e1 2023-06-09 op if (p->key != NULL)
744 deadd9e1 2023-06-09 op fatalx("proxy key already received");
745 deadd9e1 2023-06-09 op if (imsg->fd == -1)
746 deadd9e1 2023-06-09 op fatalx("no fd for IMSG_RECONF_PROXY_KEY");
747 deadd9e1 2023-06-09 op if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
748 deadd9e1 2023-06-09 op fatalx("failed to load key for proxy %s of %s",
749 deadd9e1 2023-06-09 op p->host, h->domain);
752 c26f2460 2023-06-08 op case IMSG_RECONF_END:
753 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,
754 c26f2460 2023-06-08 op NULL, 0) == -1)